CVE-2022-35897

Severity Score

6.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. If the attacker modifies specific UEFI variables, it can cause a stack overflow, leading to arbitrary code execution. The specific variables are normally locked (read-only) at the OS level and therefore an attack would require direct SPI modification. If an attacker can change the values of at least two variables out of three (SecureBootEnforce, SecureBoot, RestoreBootSettings), it is possible to execute arbitrary code.

Se descubrió una vulnerabilidad de desbordamiento del búfer que provoca un problema de ejecución de código arbitrario en Insyde InsydeH2O con kernel 5.0 a 5.5. Si el atacante modifica variables UEFI específicas, puede provocar un desbordamiento de la pila, lo que lleva a la ejecución de código arbitrario. Las variables específicas normalmente están bloqueadas (de solo lectura) a nivel del sistema operativo y, por lo tanto, un ataque requeriría una modificación directa del SPI. Si un atacante puede cambiar los valores de al menos dos variables de tres (SecureBootEnforce, SecureBoot, RestoreBootSettings), es posible ejecutar código arbitrario.

*Credits: N/A

CVSS Scores

NISTv3.1 6.8

Attack Vector

Physical

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-07-15 CVE Reserved
2022-11-21 CVE Published
2024-06-13 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-787: Out-of-bounds Write

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.insyde.com/security-pledge	2022-11-30
https://www.insyde.com/security-pledge/SA-2022041	2022-11-30

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Insyde Search vendor "Insyde"		Kernel Search vendor "Insyde" for product "Kernel"				>= 5.0 <= 5.5 Search vendor "Insyde" for product "Kernel" and version " >= 5.0 <= 5.5"		-		Affected